API Reference

Admin API

Signing key management, user administration, roles, and invites.

The Admin API provides endpoints for managing JWT signing keys, users, roles, and invites. These endpoints require admin-level permissions.

Signing Keys

List Keys

GET /api/admin/keys

Response:

[
  {
    "keyId": "key_abc123",
    "algorithm": "HS256",
    "active": true,
    "createdAt": 1710000000000
  }
]

Create Key

POST /api/admin/keys

Generates a new signing key pair. The secret is returned only once.

Deactivate Key

POST /api/admin/keys/:id/deactivate

Deactivated keys can no longer sign new tokens, but tokens they already signed remain valid until expiration.

Rotate Key

POST /api/admin/keys/:id/rotate

Creates a new key and deactivates the old one in a single atomic operation.
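The deactivate and rotate semantics above, as an added Python example that is not part of this API's code: a minimal HS256 issuer and verifier that signs only with an active key, keeps verifying tokens from a deactivated key until they expire, and rejects unknown key ids and non-HS256 headers before touching a MAC. The in-memory key registry, its secrets and the use of a `kid` header matching `keyId` are assumptions.

```python
import base64, hashlib, hmac, json, time

# Constructed key registry in the shape of GET /api/admin/keys; the secrets are
# hypothetical (the real API returns a secret only once, on creation).
KEYS = {
    "key_old": {"secret": b"old-secret", "active": False},  # deactivated
    "key_new": {"secret": b"new-secret", "active": True},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(key_id: str, claims: dict, keys=KEYS) -> str:
    """Issue an HS256 token; only an active key may sign new tokens."""
    key = keys.get(key_id)
    if key is None or not key["active"]:
        raise PermissionError(f"key {key_id} is not active for signing")
    header = {"alg": "HS256", "typ": "JWT", "kid": key_id}
    parts = [json.dumps(header, separators=(",", ":")).encode(),
             json.dumps(claims, separators=(",", ":")).encode()]
    signing_input = ".".join(_b64url(p) for p in parts)
    mac = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(mac)}"

def verify(token: str, keys=KEYS, now=None) -> dict:
    """Verify an HS256 token; a deactivated key still verifies until 'exp'."""
    now = time.time() if now is None else now
    h_b64, p_b64, sig_b64 = token.split(".")  # ValueError on malformed input
    header = json.loads(_unb64url(h_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let 'alg' choose
        raise ValueError("unsupported alg")
    key = keys.get(header.get("kid"))  # unknown kid is rejected before any MAC check
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key["secret"], f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(p_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def rotate(old_id: str, new_id: str, new_secret: bytes, keys=KEYS) -> None:
    """Mirror of POST /api/admin/keys/:id/rotate: new active key in, old key out."""
    keys[new_id] = {"secret": new_secret, "active": True}
    keys[old_id]["active"] = False
```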

Users

List Users

GET /api/users

Get User

GET /api/users/:id

Create User

POST /api/users

Request Body:

{
  "name": "Jane Smith",
  "email": "[email protected]",
  "password": "secure-password"
}

Update User

PATCH /api/users/:id

Delete User

DELETE /api/users/:id

Change Password

POST /api/users/:id/change-password

MFA Management

POST /api/users/:id/mfa/setup     # Start MFA setup (returns QR code)
POST /api/users/:id/mfa/confirm   # Confirm MFA with TOTP code
POST /api/users/:id/mfa/disable   # Disable MFA

Role Assignments

POST /api/users/:id/roles          # Assign role
DELETE /api/users/:id/roles/:roleId # Remove role

Roles

List Roles

GET /api/roles

Built-in Roles:

Role          Description
super_admin   Full system access
admin         Manage topics, schemas, mappings, users
editor        Create and modify topics, schemas, mappings
viewer        Read-only access

Create Custom Role

POST /api/roles

Request Body:

{
  "name": "webhook_manager",
  "description": "Can manage webhook endpoints",
  "permissions": [
    { "resource": "webhooks", "action": "read" },
    { "resource": "webhooks", "action": "create" },
    { "resource": "webhooks", "action": "update" },
    { "resource": "webhooks", "action": "delete" }
  ]
}

Update / Delete Role

PATCH /api/roles/:id
DELETE /api/roles/:id

Invites

List Invites

GET /api/invites

Create Invite

POST /api/invites

Request Body:

{
  "email": "[email protected]",
  "roleId": "role_editor"
}

Accept Invite

POST /api/invites/accept

Request Body:

{
  "token": "invite_token_abc123",
  "name": "New User",
  "password": "secure-password"
}

Revoke / Delete Invite

POST /api/invites/:id/revoke
DELETE /api/invites/:id

Get Invite by Token

GET /api/invites/by-token/:token

Used by the invite acceptance page to display invite details.